2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
6 Copyright (C) 2011 ProFUSION Embedded Systems
8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License version 2 as
12 published by the Free Software Foundation;
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
25 SOFTWARE IS DISCLAIMED.
28 /* Bluetooth L2CAP sockets. */
30 #include <linux/module.h>
31 #include <linux/export.h>
33 #include <net/bluetooth/bluetooth.h>
34 #include <net/bluetooth/hci_core.h>
35 #include <net/bluetooth/l2cap.h>
41 static struct bt_sock_list l2cap_sk_list = {
42 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
45 static const struct proto_ops l2cap_sock_ops;
46 static void l2cap_sock_init(struct sock *sk, struct sock *parent);
47 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
48 int proto, gfp_t prio);
50 bool l2cap_is_socket(struct socket *sock)
52 return sock && sock->ops == &l2cap_sock_ops;
54 EXPORT_SYMBOL(l2cap_is_socket);
56 static int l2cap_validate_bredr_psm(u16 psm)
58 /* PSM must be odd and lsb of upper byte must be 0 */
59 if ((psm & 0x0101) != 0x0001)
62 /* Restrict usage of well-known PSMs */
63 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE))
69 static int l2cap_validate_le_psm(u16 psm)
71 /* Valid LE_PSM ranges are defined only until 0x00ff */
75 /* Restrict fixed, SIG assigned PSM values to CAP_NET_BIND_SERVICE */
76 if (psm <= 0x007f && !capable(CAP_NET_BIND_SERVICE))
82 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
84 struct sock *sk = sock->sk;
85 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
86 struct sockaddr_l2 la;
91 if (!addr || addr->sa_family != AF_BLUETOOTH)
94 memset(&la, 0, sizeof(la));
95 len = min_t(unsigned int, sizeof(la), alen);
96 memcpy(&la, addr, len);
98 if (la.l2_cid && la.l2_psm)
101 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
104 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
105 if (!enable_lecoc && la.l2_psm)
107 /* We only allow ATT user space socket */
109 la.l2_cid != __constant_cpu_to_le16(L2CAP_CID_ATT))
115 if (sk->sk_state != BT_OPEN) {
121 __u16 psm = __le16_to_cpu(la.l2_psm);
123 if (la.l2_bdaddr_type == BDADDR_BREDR)
124 err = l2cap_validate_bredr_psm(psm);
126 err = l2cap_validate_le_psm(psm);
133 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
135 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
140 switch (chan->chan_type) {
141 case L2CAP_CHAN_CONN_LESS:
142 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP)
143 chan->sec_level = BT_SECURITY_SDP;
145 case L2CAP_CHAN_CONN_ORIENTED:
146 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
147 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
148 chan->sec_level = BT_SECURITY_SDP;
152 bacpy(&chan->src, &la.l2_bdaddr);
153 chan->src_type = la.l2_bdaddr_type;
155 if (chan->psm && bdaddr_type_is_le(chan->src_type))
156 chan->mode = L2CAP_MODE_LE_FLOWCTL;
158 chan->state = BT_BOUND;
159 sk->sk_state = BT_BOUND;
166 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
169 struct sock *sk = sock->sk;
170 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
171 struct sockaddr_l2 la;
176 if (!addr || alen < sizeof(addr->sa_family) ||
177 addr->sa_family != AF_BLUETOOTH)
180 memset(&la, 0, sizeof(la));
181 len = min_t(unsigned int, sizeof(la), alen);
182 memcpy(&la, addr, len);
184 if (la.l2_cid && la.l2_psm)
187 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
190 /* Check that the socket wasn't bound to something that
191 * conflicts with the address given to connect(). If chan->src
192 * is BDADDR_ANY it means bind() was never used, in which case
193 * chan->src_type and la.l2_bdaddr_type do not need to match.
195 if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) &&
196 bdaddr_type_is_le(la.l2_bdaddr_type)) {
197 /* Old user space versions will try to incorrectly bind
198 * the ATT socket using BDADDR_BREDR. We need to accept
199 * this and fix up the source address type only when
200 * both the source CID and destination CID indicate
201 * ATT. Anything else is an invalid combination.
203 if (chan->scid != L2CAP_CID_ATT ||
204 la.l2_cid != __constant_cpu_to_le16(L2CAP_CID_ATT))
207 /* We don't have the hdev available here to make a
208 * better decision on random vs public, but since all
209 * user space versions that exhibit this issue anyway do
210 * not support random local addresses assuming public
211 * here is good enough.
213 chan->src_type = BDADDR_LE_PUBLIC;
216 if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR)
219 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
220 if (!enable_lecoc && la.l2_psm)
222 /* We only allow ATT user space socket */
224 la.l2_cid != __constant_cpu_to_le16(L2CAP_CID_ATT))
228 if (chan->psm && bdaddr_type_is_le(chan->src_type))
229 chan->mode = L2CAP_MODE_LE_FLOWCTL;
231 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
232 &la.l2_bdaddr, la.l2_bdaddr_type);
238 err = bt_sock_wait_state(sk, BT_CONNECTED,
239 sock_sndtimeo(sk, flags & O_NONBLOCK));
246 static int l2cap_sock_listen(struct socket *sock, int backlog)
248 struct sock *sk = sock->sk;
249 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
252 BT_DBG("sk %p backlog %d", sk, backlog);
256 if (sk->sk_state != BT_BOUND) {
261 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
266 switch (chan->mode) {
267 case L2CAP_MODE_BASIC:
268 case L2CAP_MODE_LE_FLOWCTL:
270 case L2CAP_MODE_ERTM:
271 case L2CAP_MODE_STREAMING:
280 sk->sk_max_ack_backlog = backlog;
281 sk->sk_ack_backlog = 0;
283 chan->state = BT_LISTEN;
284 sk->sk_state = BT_LISTEN;
291 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
294 DECLARE_WAITQUEUE(wait, current);
295 struct sock *sk = sock->sk, *nsk;
299 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
301 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
303 BT_DBG("sk %p timeo %ld", sk, timeo);
305 /* Wait for an incoming connection. (wake-one). */
306 add_wait_queue_exclusive(sk_sleep(sk), &wait);
308 set_current_state(TASK_INTERRUPTIBLE);
310 if (sk->sk_state != BT_LISTEN) {
315 nsk = bt_accept_dequeue(sk, newsock);
324 if (signal_pending(current)) {
325 err = sock_intr_errno(timeo);
330 timeo = schedule_timeout(timeo);
331 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
333 __set_current_state(TASK_RUNNING);
334 remove_wait_queue(sk_sleep(sk), &wait);
339 newsock->state = SS_CONNECTED;
341 BT_DBG("new socket %p", nsk);
348 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr,
351 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
352 struct sock *sk = sock->sk;
353 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
355 BT_DBG("sock %p, sk %p", sock, sk);
357 memset(la, 0, sizeof(struct sockaddr_l2));
358 addr->sa_family = AF_BLUETOOTH;
359 *len = sizeof(struct sockaddr_l2);
362 la->l2_psm = chan->psm;
363 bacpy(&la->l2_bdaddr, &chan->dst);
364 la->l2_cid = cpu_to_le16(chan->dcid);
365 la->l2_bdaddr_type = chan->dst_type;
367 la->l2_psm = chan->sport;
368 bacpy(&la->l2_bdaddr, &chan->src);
369 la->l2_cid = cpu_to_le16(chan->scid);
370 la->l2_bdaddr_type = chan->src_type;
376 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
377 char __user *optval, int __user *optlen)
379 struct sock *sk = sock->sk;
380 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
381 struct l2cap_options opts;
382 struct l2cap_conninfo cinfo;
388 if (get_user(len, optlen))
395 /* LE sockets should use BT_SNDMTU/BT_RCVMTU, but since
396 * legacy ATT code depends on getsockopt for
397 * L2CAP_OPTIONS we need to let this pass.
399 if (bdaddr_type_is_le(chan->src_type) &&
400 chan->scid != L2CAP_CID_ATT) {
405 memset(&opts, 0, sizeof(opts));
406 opts.imtu = chan->imtu;
407 opts.omtu = chan->omtu;
408 opts.flush_to = chan->flush_to;
409 opts.mode = chan->mode;
410 opts.fcs = chan->fcs;
411 opts.max_tx = chan->max_tx;
412 opts.txwin_size = chan->tx_win;
414 len = min_t(unsigned int, len, sizeof(opts));
415 if (copy_to_user(optval, (char *) &opts, len))
421 switch (chan->sec_level) {
422 case BT_SECURITY_LOW:
425 case BT_SECURITY_MEDIUM:
426 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
428 case BT_SECURITY_HIGH:
429 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
437 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
438 opt |= L2CAP_LM_MASTER;
440 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
441 opt |= L2CAP_LM_RELIABLE;
443 if (put_user(opt, (u32 __user *) optval))
448 if (sk->sk_state != BT_CONNECTED &&
449 !(sk->sk_state == BT_CONNECT2 &&
450 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
455 memset(&cinfo, 0, sizeof(cinfo));
456 cinfo.hci_handle = chan->conn->hcon->handle;
457 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
459 len = min_t(unsigned int, len, sizeof(cinfo));
460 if (copy_to_user(optval, (char *) &cinfo, len))
474 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
475 char __user *optval, int __user *optlen)
477 struct sock *sk = sock->sk;
478 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
479 struct bt_security sec;
485 if (level == SOL_L2CAP)
486 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
488 if (level != SOL_BLUETOOTH)
491 if (get_user(len, optlen))
498 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
499 chan->chan_type != L2CAP_CHAN_RAW) {
504 memset(&sec, 0, sizeof(sec));
506 sec.level = chan->conn->hcon->sec_level;
508 if (sk->sk_state == BT_CONNECTED)
509 sec.key_size = chan->conn->hcon->enc_key_size;
511 sec.level = chan->sec_level;
514 len = min_t(unsigned int, len, sizeof(sec));
515 if (copy_to_user(optval, (char *) &sec, len))
521 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
526 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
527 (u32 __user *) optval))
533 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
534 (u32 __user *) optval))
540 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
541 && sk->sk_type != SOCK_RAW) {
546 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
548 len = min_t(unsigned int, len, sizeof(pwr));
549 if (copy_to_user(optval, (char *) &pwr, len))
554 case BT_CHANNEL_POLICY:
555 if (put_user(chan->chan_policy, (u32 __user *) optval))
561 err = -EPROTONOSUPPORT;
565 if (!bdaddr_type_is_le(chan->src_type)) {
570 if (sk->sk_state != BT_CONNECTED) {
575 if (put_user(chan->omtu, (u16 __user *) optval))
581 err = -EPROTONOSUPPORT;
585 if (!bdaddr_type_is_le(chan->src_type)) {
590 if (put_user(chan->imtu, (u16 __user *) optval))
603 static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
605 switch (chan->scid) {
607 if (mtu < L2CAP_LE_MIN_MTU)
612 if (mtu < L2CAP_DEFAULT_MIN_MTU)
619 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
620 char __user *optval, unsigned int optlen)
622 struct sock *sk = sock->sk;
623 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
624 struct l2cap_options opts;
634 if (bdaddr_type_is_le(chan->src_type)) {
639 if (sk->sk_state == BT_CONNECTED) {
644 opts.imtu = chan->imtu;
645 opts.omtu = chan->omtu;
646 opts.flush_to = chan->flush_to;
647 opts.mode = chan->mode;
648 opts.fcs = chan->fcs;
649 opts.max_tx = chan->max_tx;
650 opts.txwin_size = chan->tx_win;
652 len = min_t(unsigned int, sizeof(opts), optlen);
653 if (copy_from_user((char *) &opts, optval, len)) {
658 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
663 if (!l2cap_valid_mtu(chan, opts.imtu)) {
668 chan->mode = opts.mode;
669 switch (chan->mode) {
670 case L2CAP_MODE_LE_FLOWCTL:
672 case L2CAP_MODE_BASIC:
673 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
675 case L2CAP_MODE_ERTM:
676 case L2CAP_MODE_STREAMING:
685 chan->imtu = opts.imtu;
686 chan->omtu = opts.omtu;
687 chan->fcs = opts.fcs;
688 chan->max_tx = opts.max_tx;
689 chan->tx_win = opts.txwin_size;
690 chan->flush_to = opts.flush_to;
694 if (get_user(opt, (u32 __user *) optval)) {
699 if (opt & L2CAP_LM_AUTH)
700 chan->sec_level = BT_SECURITY_LOW;
701 if (opt & L2CAP_LM_ENCRYPT)
702 chan->sec_level = BT_SECURITY_MEDIUM;
703 if (opt & L2CAP_LM_SECURE)
704 chan->sec_level = BT_SECURITY_HIGH;
706 if (opt & L2CAP_LM_MASTER)
707 set_bit(FLAG_ROLE_SWITCH, &chan->flags);
709 clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
711 if (opt & L2CAP_LM_RELIABLE)
712 set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
714 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
726 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
727 char __user *optval, unsigned int optlen)
729 struct sock *sk = sock->sk;
730 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
731 struct bt_security sec;
733 struct l2cap_conn *conn;
739 if (level == SOL_L2CAP)
740 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
742 if (level != SOL_BLUETOOTH)
749 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
750 chan->chan_type != L2CAP_CHAN_RAW) {
755 sec.level = BT_SECURITY_LOW;
757 len = min_t(unsigned int, sizeof(sec), optlen);
758 if (copy_from_user((char *) &sec, optval, len)) {
763 if (sec.level < BT_SECURITY_LOW ||
764 sec.level > BT_SECURITY_HIGH) {
769 chan->sec_level = sec.level;
776 /*change security for LE channels */
777 if (chan->scid == L2CAP_CID_ATT) {
778 if (!conn->hcon->out) {
783 if (smp_conn_security(conn->hcon, sec.level))
785 sk->sk_state = BT_CONFIG;
786 chan->state = BT_CONFIG;
788 /* or for ACL link */
789 } else if ((sk->sk_state == BT_CONNECT2 &&
790 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
791 sk->sk_state == BT_CONNECTED) {
792 if (!l2cap_chan_check_security(chan))
793 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
795 sk->sk_state_change(sk);
802 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
807 if (get_user(opt, (u32 __user *) optval)) {
813 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
814 set_bit(FLAG_DEFER_SETUP, &chan->flags);
816 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
817 clear_bit(FLAG_DEFER_SETUP, &chan->flags);
822 if (get_user(opt, (u32 __user *) optval)) {
827 if (opt > BT_FLUSHABLE_ON) {
832 if (opt == BT_FLUSHABLE_OFF) {
834 /* proceed further only when we have l2cap_conn and
835 No Flush support in the LM */
836 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
843 set_bit(FLAG_FLUSHABLE, &chan->flags);
845 clear_bit(FLAG_FLUSHABLE, &chan->flags);
849 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
850 chan->chan_type != L2CAP_CHAN_RAW) {
855 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
857 len = min_t(unsigned int, sizeof(pwr), optlen);
858 if (copy_from_user((char *) &pwr, optval, len)) {
863 if (pwr.force_active)
864 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
866 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
869 case BT_CHANNEL_POLICY:
870 if (get_user(opt, (u32 __user *) optval)) {
875 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
880 if (chan->mode != L2CAP_MODE_ERTM &&
881 chan->mode != L2CAP_MODE_STREAMING) {
886 chan->chan_policy = (u8) opt;
888 if (sk->sk_state == BT_CONNECTED &&
889 chan->move_role == L2CAP_MOVE_ROLE_NONE)
890 l2cap_move_start(chan);
896 err = -EPROTONOSUPPORT;
900 if (!bdaddr_type_is_le(chan->src_type)) {
905 /* Setting is not supported as it's the remote side that
913 err = -EPROTONOSUPPORT;
917 if (!bdaddr_type_is_le(chan->src_type)) {
922 if (sk->sk_state == BT_CONNECTED) {
927 if (get_user(opt, (u32 __user *) optval)) {
944 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
945 struct msghdr *msg, size_t len)
947 struct sock *sk = sock->sk;
948 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
951 BT_DBG("sock %p, sk %p", sock, sk);
953 err = sock_error(sk);
957 if (msg->msg_flags & MSG_OOB)
960 if (sk->sk_state != BT_CONNECTED)
964 err = bt_sock_wait_ready(sk, msg->msg_flags);
969 l2cap_chan_lock(chan);
970 err = l2cap_chan_send(chan, msg, len, sk->sk_priority);
971 l2cap_chan_unlock(chan);
976 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
977 struct msghdr *msg, size_t len, int flags)
979 struct sock *sk = sock->sk;
980 struct l2cap_pinfo *pi = l2cap_pi(sk);
985 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
986 &bt_sk(sk)->flags)) {
987 if (bdaddr_type_is_le(pi->chan->src_type)) {
988 sk->sk_state = BT_CONNECTED;
989 pi->chan->state = BT_CONNECTED;
990 __l2cap_le_connect_rsp_defer(pi->chan);
992 sk->sk_state = BT_CONFIG;
993 pi->chan->state = BT_CONFIG;
994 __l2cap_connect_rsp_defer(pi->chan);
1003 if (sock->type == SOCK_STREAM)
1004 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
1006 err = bt_sock_recvmsg(iocb, sock, msg, len, flags);
1008 if (pi->chan->mode != L2CAP_MODE_ERTM)
1011 /* Attempt to put pending rx data in the socket buffer */
1015 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
1018 if (pi->rx_busy_skb) {
1019 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb))
1020 pi->rx_busy_skb = NULL;
1025 /* Restore data flow when half of the receive buffer is
1026 * available. This avoids resending large numbers of
1029 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
1030 l2cap_chan_busy(pi->chan, 0);
1037 /* Kill socket (only if zapped and orphan)
1038 * Must be called on unlocked socket.
1040 static void l2cap_sock_kill(struct sock *sk)
1042 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
1045 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
1047 /* Kill poor orphan */
1049 l2cap_chan_put(l2cap_pi(sk)->chan);
1050 sock_set_flag(sk, SOCK_DEAD);
1054 static int __l2cap_wait_ack(struct sock *sk)
1056 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1057 DECLARE_WAITQUEUE(wait, current);
1061 add_wait_queue(sk_sleep(sk), &wait);
1062 set_current_state(TASK_INTERRUPTIBLE);
1063 while (chan->unacked_frames > 0 && chan->conn) {
1067 if (signal_pending(current)) {
1068 err = sock_intr_errno(timeo);
1073 timeo = schedule_timeout(timeo);
1075 set_current_state(TASK_INTERRUPTIBLE);
1077 err = sock_error(sk);
1081 set_current_state(TASK_RUNNING);
1082 remove_wait_queue(sk_sleep(sk), &wait);
1086 static int l2cap_sock_shutdown(struct socket *sock, int how)
1088 struct sock *sk = sock->sk;
1089 struct l2cap_chan *chan;
1090 struct l2cap_conn *conn;
1093 BT_DBG("sock %p, sk %p", sock, sk);
1098 chan = l2cap_pi(sk)->chan;
1102 mutex_lock(&conn->chan_lock);
1104 l2cap_chan_lock(chan);
1107 if (!sk->sk_shutdown) {
1108 if (chan->mode == L2CAP_MODE_ERTM)
1109 err = __l2cap_wait_ack(sk);
1111 sk->sk_shutdown = SHUTDOWN_MASK;
1114 l2cap_chan_close(chan, 0);
1117 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
1118 err = bt_sock_wait_state(sk, BT_CLOSED,
1122 if (!err && sk->sk_err)
1126 l2cap_chan_unlock(chan);
1129 mutex_unlock(&conn->chan_lock);
1134 static int l2cap_sock_release(struct socket *sock)
1136 struct sock *sk = sock->sk;
1139 BT_DBG("sock %p, sk %p", sock, sk);
1144 bt_sock_unlink(&l2cap_sk_list, sk);
1146 err = l2cap_sock_shutdown(sock, 2);
1149 l2cap_sock_kill(sk);
1153 static void l2cap_sock_cleanup_listen(struct sock *parent)
1157 BT_DBG("parent %p", parent);
1159 /* Close not yet accepted channels */
1160 while ((sk = bt_accept_dequeue(parent, NULL))) {
1161 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1163 l2cap_chan_lock(chan);
1164 __clear_chan_timer(chan);
1165 l2cap_chan_close(chan, ECONNRESET);
1166 l2cap_chan_unlock(chan);
1168 l2cap_sock_kill(sk);
1172 static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
1174 struct sock *sk, *parent = chan->data;
1178 /* Check for backlog size */
1179 if (sk_acceptq_is_full(parent)) {
1180 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1184 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
1189 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
1191 l2cap_sock_init(sk, parent);
1193 bt_accept_enqueue(parent, sk);
1195 release_sock(parent);
1197 return l2cap_pi(sk)->chan;
1200 static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
1202 struct sock *sk = chan->data;
1207 if (l2cap_pi(sk)->rx_busy_skb) {
1212 err = sock_queue_rcv_skb(sk, skb);
1214 /* For ERTM, handle one skb that doesn't fit into the recv
1215 * buffer. This is important to do because the data frames
1216 * have already been acked, so the skb cannot be discarded.
1218 * Notify the l2cap core that the buffer is full, so the
1219 * LOCAL_BUSY state is entered and no more frames are
1220 * acked and reassembled until there is buffer space
1223 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) {
1224 l2cap_pi(sk)->rx_busy_skb = skb;
1225 l2cap_chan_busy(chan, 1);
1235 static void l2cap_sock_close_cb(struct l2cap_chan *chan)
1237 struct sock *sk = chan->data;
1239 l2cap_sock_kill(sk);
1242 static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
1244 struct sock *sk = chan->data;
1245 struct sock *parent;
1249 parent = bt_sk(sk)->parent;
1251 sock_set_flag(sk, SOCK_ZAPPED);
1253 switch (chan->state) {
1259 l2cap_sock_cleanup_listen(sk);
1260 sk->sk_state = BT_CLOSED;
1261 chan->state = BT_CLOSED;
1265 sk->sk_state = BT_CLOSED;
1266 chan->state = BT_CLOSED;
1271 bt_accept_unlink(sk);
1272 parent->sk_data_ready(parent, 0);
1274 sk->sk_state_change(sk);
1283 static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state,
1286 struct sock *sk = chan->data;
1288 sk->sk_state = state;
1294 static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
1295 unsigned long len, int nb)
1297 struct sock *sk = chan->data;
1298 struct sk_buff *skb;
1301 l2cap_chan_unlock(chan);
1302 skb = bt_skb_send_alloc(sk, len, nb, &err);
1303 l2cap_chan_lock(chan);
1306 return ERR_PTR(err);
1308 bt_cb(skb)->chan = chan;
1313 static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1315 struct sock *sk = chan->data;
1316 struct sock *parent;
1320 parent = bt_sk(sk)->parent;
1322 BT_DBG("sk %p, parent %p", sk, parent);
1324 sk->sk_state = BT_CONNECTED;
1325 sk->sk_state_change(sk);
1328 parent->sk_data_ready(parent, 0);
1333 static void l2cap_sock_defer_cb(struct l2cap_chan *chan)
1335 struct sock *parent, *sk = chan->data;
1339 parent = bt_sk(sk)->parent;
1341 parent->sk_data_ready(parent, 0);
1346 static void l2cap_sock_resume_cb(struct l2cap_chan *chan)
1348 struct sock *sk = chan->data;
1350 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1351 sk->sk_state_change(sk);
1354 static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan)
1356 struct sock *sk = chan->data;
1359 sk->sk_shutdown = SHUTDOWN_MASK;
1363 static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan)
1365 struct sock *sk = chan->data;
1367 return sk->sk_sndtimeo;
1370 static void l2cap_sock_suspend_cb(struct l2cap_chan *chan)
1372 struct sock *sk = chan->data;
1374 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1375 sk->sk_state_change(sk);
1378 static struct l2cap_ops l2cap_chan_ops = {
1379 .name = "L2CAP Socket Interface",
1380 .new_connection = l2cap_sock_new_connection_cb,
1381 .recv = l2cap_sock_recv_cb,
1382 .close = l2cap_sock_close_cb,
1383 .teardown = l2cap_sock_teardown_cb,
1384 .state_change = l2cap_sock_state_change_cb,
1385 .ready = l2cap_sock_ready_cb,
1386 .defer = l2cap_sock_defer_cb,
1387 .resume = l2cap_sock_resume_cb,
1388 .suspend = l2cap_sock_suspend_cb,
1389 .set_shutdown = l2cap_sock_set_shutdown_cb,
1390 .get_sndtimeo = l2cap_sock_get_sndtimeo_cb,
1391 .alloc_skb = l2cap_sock_alloc_skb_cb,
1394 static void l2cap_sock_destruct(struct sock *sk)
1396 BT_DBG("sk %p", sk);
1398 if (l2cap_pi(sk)->chan)
1399 l2cap_chan_put(l2cap_pi(sk)->chan);
1401 if (l2cap_pi(sk)->rx_busy_skb) {
1402 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1403 l2cap_pi(sk)->rx_busy_skb = NULL;
1406 skb_queue_purge(&sk->sk_receive_queue);
1407 skb_queue_purge(&sk->sk_write_queue);
1410 static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name,
1413 struct sockaddr_l2 *la = (struct sockaddr_l2 *) msg_name;
1415 memset(la, 0, sizeof(struct sockaddr_l2));
1416 la->l2_family = AF_BLUETOOTH;
1417 la->l2_psm = bt_cb(skb)->psm;
1418 bacpy(&la->l2_bdaddr, &bt_cb(skb)->bdaddr);
1420 *msg_namelen = sizeof(struct sockaddr_l2);
1423 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
1425 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1427 BT_DBG("sk %p", sk);
1430 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1432 sk->sk_type = parent->sk_type;
1433 bt_sk(sk)->flags = bt_sk(parent)->flags;
1435 chan->chan_type = pchan->chan_type;
1436 chan->imtu = pchan->imtu;
1437 chan->omtu = pchan->omtu;
1438 chan->conf_state = pchan->conf_state;
1439 chan->mode = pchan->mode;
1440 chan->fcs = pchan->fcs;
1441 chan->max_tx = pchan->max_tx;
1442 chan->tx_win = pchan->tx_win;
1443 chan->tx_win_max = pchan->tx_win_max;
1444 chan->sec_level = pchan->sec_level;
1445 chan->flags = pchan->flags;
1446 chan->tx_credits = pchan->tx_credits;
1447 chan->rx_credits = pchan->rx_credits;
1449 security_sk_clone(parent, sk);
1451 switch (sk->sk_type) {
1453 chan->chan_type = L2CAP_CHAN_RAW;
1456 chan->chan_type = L2CAP_CHAN_CONN_LESS;
1457 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name;
1459 case SOCK_SEQPACKET:
1461 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1465 chan->imtu = L2CAP_DEFAULT_MTU;
1467 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
1468 chan->mode = L2CAP_MODE_ERTM;
1469 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
1471 chan->mode = L2CAP_MODE_BASIC;
1474 l2cap_chan_set_defaults(chan);
1477 /* Default config options */
1478 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
1481 chan->ops = &l2cap_chan_ops;
1484 static struct proto l2cap_proto = {
1486 .owner = THIS_MODULE,
1487 .obj_size = sizeof(struct l2cap_pinfo)
1490 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
1491 int proto, gfp_t prio)
1494 struct l2cap_chan *chan;
1496 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
1500 sock_init_data(sock, sk);
1501 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1503 sk->sk_destruct = l2cap_sock_destruct;
1504 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
1506 sock_reset_flag(sk, SOCK_ZAPPED);
1508 sk->sk_protocol = proto;
1509 sk->sk_state = BT_OPEN;
1511 chan = l2cap_chan_create();
1517 l2cap_chan_hold(chan);
1519 l2cap_pi(sk)->chan = chan;
1524 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1529 BT_DBG("sock %p", sock);
1531 sock->state = SS_UNCONNECTED;
1533 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1534 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1535 return -ESOCKTNOSUPPORT;
1537 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1540 sock->ops = &l2cap_sock_ops;
1542 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
1546 l2cap_sock_init(sk, NULL);
1547 bt_sock_link(&l2cap_sk_list, sk);
1551 static const struct proto_ops l2cap_sock_ops = {
1552 .family = PF_BLUETOOTH,
1553 .owner = THIS_MODULE,
1554 .release = l2cap_sock_release,
1555 .bind = l2cap_sock_bind,
1556 .connect = l2cap_sock_connect,
1557 .listen = l2cap_sock_listen,
1558 .accept = l2cap_sock_accept,
1559 .getname = l2cap_sock_getname,
1560 .sendmsg = l2cap_sock_sendmsg,
1561 .recvmsg = l2cap_sock_recvmsg,
1562 .poll = bt_sock_poll,
1563 .ioctl = bt_sock_ioctl,
1564 .mmap = sock_no_mmap,
1565 .socketpair = sock_no_socketpair,
1566 .shutdown = l2cap_sock_shutdown,
1567 .setsockopt = l2cap_sock_setsockopt,
1568 .getsockopt = l2cap_sock_getsockopt
1571 static const struct net_proto_family l2cap_sock_family_ops = {
1572 .family = PF_BLUETOOTH,
1573 .owner = THIS_MODULE,
1574 .create = l2cap_sock_create,
1577 int __init l2cap_init_sockets(void)
1581 err = proto_register(&l2cap_proto, 0);
1585 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1587 BT_ERR("L2CAP socket registration failed");
1591 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list,
1594 BT_ERR("Failed to create L2CAP proc file");
1595 bt_sock_unregister(BTPROTO_L2CAP);
1599 BT_INFO("L2CAP socket layer initialized");
1604 proto_unregister(&l2cap_proto);
1608 void l2cap_cleanup_sockets(void)
1610 bt_procfs_cleanup(&init_net, "l2cap");
1611 bt_sock_unregister(BTPROTO_L2CAP);
1612 proto_unregister(&l2cap_proto);
1615 module_param(enable_lecoc, bool, 0644);
1616 MODULE_PARM_DESC(enable_lecoc, "Enable support for LE CoC");